Ian Harding
I have created a certificate on a directory server, and imported it into
the Java keystore on my client machine. Listing the keystore contents
includes the certificate data:
Alias name: testpc18
Creation date: 01-Sep-2005
Entry type: trustedCertEntry
Owner: CN=testpc18, DC=cornwall, DC=company, DC=com
Issuer: CN=testpc18, DC=cornwall, DC=company, DC=com
Serial number: 6137514bb844f8b84515cfc29f48d742
Valid from: Thu Sep 01 13:15:54 BST 2005 until: Wed Sep 01 13:20:51 BST 2010
Certificate fingerprints:
MD5: 31:8E:C0:42:86:7D:42:27:63:26:91:A8:41:95:25:C2
SHA1: 01:2C:56:1ED:559:5B:93:A7:B2:A0:F6:72D:A7:60:B2B:89
I use this client code (based on a sample found on the web):
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.ldap.InitialLdapContext;

Hashtable env = new Hashtable();
String adminName = "CN=Administrator,CN=Users,DC=CORNWALL,DC=COMPANY,DC=COM";
String adminPassword = "xxxxxx";
String ldapURL = "ldaps://testpc18:636";
// Truststore the SSL handshake validates the server certificate against
String keystore = "C:/Program Files/Java/j2re1.4.2_03/lib/security/cacerts";
System.setProperty("javax.net.ssl.trustStore", keystore);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple"); // simple bind: password protected only by the TLS channel
env.put(Context.SECURITY_PRINCIPAL, adminName);
env.put(Context.SECURITY_CREDENTIALS, adminPassword);
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.PROVIDER_URL, ldapURL);
try {
    DirContext ctx = new InitialLdapContext(env, null);
    ....
} catch (NamingException e) {
    e.printStackTrace();
}
At runtime, the last line throws an exception
"javax.naming.CommunicationException: simple bind failed: testpc18:636
[Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found]"
The client does have the trusted root certificate for the directory
server (running Active Directory on Windows Server 2003 SP1, if that's
relevant). I am definitely passing the correct keystore to the client
app, and the certificate has definitely been added to it.
Can anyone help me spot what I'm doing wrong?
Thank you,
Ian
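A diagnostic for this class of failure, added here as an example and not taken from the post or any project: it loads the truststore explicitly, prints which JRE is actually running (a cacerts edited under one JRE is never consulted by another), and compares the SHA-1 fingerprint of every trusted entry with the one keytool printed. It is written for a current JDK and assumes the cacerts password is the keytool default "changeit"; the path and the expected fingerprint are passed as arguments.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;

public class TrustStoreCheck {

    // Hex-encode a certificate digest the way keytool prints it: "AB:CD:...".
    static String fingerprint(Certificate cert, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", digest[i] & 0xff));
        }
        return sb.toString();
    }

    // Load the truststore and map every trusted-certificate entry (alias -> SHA-1
    // fingerprint), which is exactly the set the JSSE trust manager will accept.
    static Map<String, String> trustedFingerprints(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);   // a wrong password fails loudly here
        }
        Map<String, String> result = new LinkedHashMap<>();
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (ks.isCertificateEntry(alias)) {
                result.put(alias, fingerprint(ks.getCertificate(alias), "SHA-1"));
            }
        }
        return result;
    }

    // Usage: java TrustStoreCheck <truststore path> <SHA-1 fingerprint from keytool>
    public static void main(String[] args) throws Exception {
        String expected = args[1].toUpperCase();
        // If this JRE is not the one whose cacerts was edited, that edit is irrelevant.
        System.out.println("Running JRE: " + System.getProperty("java.home"));
        boolean found = false;   // assumption: default cacerts password "changeit"
        for (Map.Entry<String, String> en : trustedFingerprints(args[0], "changeit".toCharArray()).entrySet()) {
            boolean match = en.getValue().equals(expected);
            found |= match;
            System.out.println((match ? "MATCH " : "      ") + en.getKey() + "  " + en.getValue());
        }
        System.out.println(found ? "Server certificate is in this store." : "Server certificate NOT in this store.");
    }
}
```

If the fingerprint is present and the JRE matches, the store is not the problem and the certificate the server actually presents during the handshake is the next thing to compare.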